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IN THE CLAIMS: 

Please reconsider the claims as follows: 

1. (Previously Presented) A method for thwarting coordinated SYN denial of 
service (CSDoS) attacks against a server S disposed in a network of 
interconnected elements communicating using the TCP protocol, comprising the 
steps of 

controlling a network switch to divert a predetermined fraction of SYN 
packets destined for said server, to a web guard processor, 

establishing a first TCP connection between one or more clients 
originating said packets and said web guard processor, and a second TCP 
connection between said web guard processor and said server, so that packets 
can be transmitted between said one or more clients and said server, 

monitoring the number of timed-out connections between said web guard 
processor and said one or more clients, 

if the number of timed-out connecUons between said web guard processor 
and said one or more clients exceeds a first predetemnined threshold, controlling 
said switch to divert all SYN packets destined to said server to said web guard 
processor. 

2. {Previously Presented) The method of claim 1 liirther comprising the step of 
generating an alarm indicating that said server is likely to be under attack. 

3. (Previously Presented) The method of claim 1 including the further steps of 

determining if the number of timed-out connections between said web guard 
processor and said clients exceeds a second predetermined threshold, and 

if so. controlling said switch to delete all SYN packets destined for said 
server. 

4. (Previously Presented) The method of claim 3 further comprising the step of 
generating an alarm indicating that said server is under attack. 
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5. (Original) The method of claim 1 further including the step of notifying said 
server that it is under attack. 

6. (Original) The method of claim 1 further including the step of notifying other 
web guard processors In said network that said server is under attack. 

7. (Previously Presented) A method for thwarting coordinated SYN denial of 
service (CSDoS) attacks against a server disposed In a network of 
interconnected elements communicating using the TCP protocol, the attack 
originating from a host generating SYN packets destined for the server, said 

method comprising: 

arranging a switch receiving the SYN packets destined to the server to 
fonward the SYN packets to a TCP proxy arranged to operate without an 
associated cache, 

for each SYN packet, sending a SYN/ACK packet from the TCP proxy to a 
sender address included in the SYN packet by the host; 

establishing a TCP connection, corresponding to a particular SYN packet 
of the SYN packets, between the TCP proxy and the server only if the TCP proxy 
receives a response from the host to the SYN/ACK packet con-esponding to the 
particular SYN packet. 

8. (Previously Presented) A method for thwarting coordinated SYN denial of 
service (CSDOS) attacks against a server disposed in a network of 
interconnected elements communicating using the TCP protocol, comprising: 

forwarding a statistical sampling of packets from a switch in the network to 
a processor. 

if packets in the sampling Indicate an attack against the server, altering the 
operation of the switch to forward all packets destined for the server to the 
processor. 
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9, (Previously Presented) The method of claim 8 wherein the switch Is arranged to 
discard packets in the event an attack is detected. 
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